Among many issues facing the aviation industry, such as sustainability, supply chain disruption, and geopolitical turbulence, lurks another concern – cybersecurity.
An increasing number of critical infrastructure organisations are being attacked, and airlines and airports make attractive targets for cyberattackers seeking to attract attention or effect geopolitical change.
Alex Haynes, chief information security officer at travel organisation software specialist IBS Software, believes, from previous experience, that what differentiates cybersecurity in transport from other sectors is that “it’s always online and public-facing”.
IBS Software has over 120 customers spanning airlines, airports, cargo freight logistics and ocean freight, including airlines such as Qantas, Emirates, KLM, and British Airways, making it a key player in keeping the booking systems for most commercial air travel up and running.
Who is attacking airlines, and why?
The public-facing nature of transport booking systems makes them susceptible to targeted disruption. Haynes explains that if booking systems for these carriers are down for even an hour, the ripple effect could be huge, with millions of passengers unable to get on planes or book flights. This can cause companies to lose large sums of money instantaneously, with the accompanying reputation damage to boot.
Some cyberattacks against airlines have been motivated by geopolitical issues, with Russia’s invasion of Ukraine causing a big increase in Russian-associated airlines or airports being targeted. Haynes explains that those hacking for geopolitical reasons rarely differentiate the company from the nation-state, viewing, for example, Emirates as synonymous with the United Arab Emirates.
The aerospace cyber threat landscape
Airlines and airports are targeted with a range of attacks from distributed denial of service (DDoS) ransomware attacks to attacks scraping consumer personal data.
Scraping attacks in the transport sector see attackers “try to brute force passenger names and booking references”, according to Haynes, to try and scrape personal data. In this scenario, attackers aren’t trying to damage the airline’s systems but to exfiltrate personal data so they can attack passengers directly.
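An added example (not from the article or from IBS Software) of how a defender could spot the booking-reference guessing described above in lookup logs. The log format, outcome labels, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample "manage my booking" lookup log (not real data):
# timestamp, client IP, booking reference, surname, outcome
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 AB12CD SMITH miss
2024-05-01T10:00:02 198.51.100.7 AB12CE SMITH miss
2024-05-01T10:00:03 198.51.100.7 AB12CF SMITH miss
2024-05-01T10:00:05 203.0.113.20 QX9K2L JONES hit
2024-05-01T10:00:06 198.51.100.7 AB12CG SMITH miss
2024-05-01T10:00:08 198.51.100.7 AB12CH SMITH hit
2024-05-01T10:00:30 203.0.113.21 ZZ81PQ PATEL miss
2024-05-01T10:00:41 203.0.113.21 ZZ81PO PATEL hit
"""

def parse(line):
    ts, ip, ref, surname, outcome = line.split()
    return datetime.fromisoformat(ts), ip, ref, surname, outcome

def find_enumeration(log_text, window_s=60, max_failed_refs=3):
    """Return {ip: details} for clients whose failed lookups cover more than
    max_failed_refs distinct booking references inside one sliding window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)              # ip -> deque of (ts, ref) failures
    flagged = {}
    for line in log_text.strip().splitlines():
        ts, ip, ref, surname, outcome = parse(line)
        q = recent[ip]
        while q and ts - q[0][0] > window:   # expire failures outside the window
            q.popleft()
        if outcome == "miss":
            q.append((ts, ref))
            refs = {r for _, r in q}
            # One or two misses are normal typos; many distinct refs are guessing.
            if len(refs) > max_failed_refs and ip not in flagged:
                flagged[ip] = {"first_alert": ts, "failed_refs": len(refs),
                               "hits_after_alert": []}
        elif ip in flagged:
            # A hit after guessing means a booking was likely exposed:
            # record it so the affected passenger can be reviewed.
            flagged[ip]["hits_after_alert"].append((ref, surname))
    return flagged

if __name__ == "__main__":
    for ip, info in find_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

The single mistyped reference from 203.0.113.21 stays below the threshold, while the client that walks through adjacent references is flagged together with the booking it eventually matched.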
While the systems of the airlines are being explicitly attacked here, the reputational damage from these types of attacks could be significant. Though ransom DDoS attacks are less common, these types of attacks have the potential to cause severe disruption to airline booking services.
Haynes explains: “They [cyberattackers] just flood the website or the application with just a huge amount of traffic, and the website just can’t keep up, it just crashes and falls over. And there’s not much you can do about it.”
Sometimes DDoS attacks will continue flooding the websites until the company pays a ransom to halt the attack; however, Haynes notes that this is somewhat rare in the travel industry.
While not directly attacking their systems, phishing attacks are also something companies must navigate, as cyber criminals use the names and branding of global airlines to attempt to obtain consumers’ bank details.
Mitigating threats by improving cybersecurity
With around 6,000 different systems and approximately 10,000 events per second to monitor, the volume of alerts to filter is a significant task for IBS Software.
Constant monitoring of potential threats, which is vital to good cybersecurity, helps to determine whether a vendor of a certain piece of software has been attacked or whether particular airlines or technologies are being targeted.
“We have a team that’s 24/7 that does that around the clock and it’s not unusual when you look at automated attacks. It’s constant, right, all the time,” comments Haynes.
The cyber threat detection teams will also set up honeypots to ascertain the threat landscape and monitor various hacking forums for the most up-to-date information.
Explaining how honeypots work to gain more insight into which cyber attacks are most likely, Haynes adds: “Honeypots are systems that are made to look like a real system that is used to attract attacks.”
From these attacks on honeypots, the team can then gain insight into what is going on and assess what countermeasures can be put into place to protect against those types of attacks.
Underscoring the need to anticipate attacks in the case of DDoS, Haynes comments: “You think of it as a giant water pipe. If you haven’t got anything prepared to filter the water somewhere else before the attack, then you can’t do anything about it once you’re under attack.”
In the event that an attack does happen, Haynes says that there are various playbooks that are followed step by step.
“If it was a virus, for example, it’d be isolate the machine, just cut it off from the network. That means it can’t talk in or out anymore. We clean it, find the source of the infection, delete it, remove it, rebuild the system,” he explains.
“We’ll look at the logs to see if any data was exfiltrated, and in that event, we would inform the customer to say this is exactly what was taken and when.”